USB device authorization: Difference between interface_authorized_default and authorized_default
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
What is the difference between /sys/bus/usb/devices/usbX/authorized_default
and /sys/bus/usb/devices/usbX/interface_authorized_default
? Basically, both of the files are responsible for denying access to newly connected devices to USB ports as described here. They seem to work in the same way, so what's the difference? Which one should I use?
linux-kernel usb
add a comment |Â
up vote
2
down vote
favorite
What is the difference between /sys/bus/usb/devices/usbX/authorized_default
and /sys/bus/usb/devices/usbX/interface_authorized_default
? Basically, both of the files are responsible for denying access to newly connected devices to USB ports as described here. They seem to work in the same way, so what's the difference? Which one should I use?
linux-kernel usb
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
What is the difference between /sys/bus/usb/devices/usbX/authorized_default
and /sys/bus/usb/devices/usbX/interface_authorized_default
? Basically, both of the files are responsible for denying access to newly connected devices to USB ports as described here. They seem to work in the same way, so what's the difference? Which one should I use?
linux-kernel usb
What is the difference between /sys/bus/usb/devices/usbX/authorized_default
and /sys/bus/usb/devices/usbX/interface_authorized_default
? Basically, both of the files are responsible for denying access to newly connected devices to USB ports as described here. They seem to work in the same way, so what's the difference? Which one should I use?
linux-kernel usb
linux-kernel usb
asked Aug 21 at 14:23
Mikhail Morfikov
4,335114267
4,335114267
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
The difference is that the new interface authorization allows to enable or disable individual interfaces per bitmask instead allow or deny a whole device. It's mentioned in the document you linked to:
Interface authorization
..........................
There is a similar approach to allow or deny specific USB interfaces.
That allows to block only a subset of an USB device.
..........................
Deny interfaces per default:
echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default
Authorize an interface:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
This is useful when e.g. you need to debug devices & drivers (no matching driver found or wrong driver/configuration used and so on...), per feature/functionality lockdown of USB devices etc
In a nutshell:
use
authorized_default
to deny or limit the number of allowed devices
e.g. deauthorize new devices connected tohostX
by defaultecho 0 > /sys/bus/usb/devices/usbX/authorized_default
then connect and authorize the device of your choice:
echo 1 > /sys/bus/usb/devices/DEVICE/authorized
use
interface_authorized_default
if you need to debug or allow/use only a subset of functionality e.g. deny interfaces onhostX
by default:echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default:
authorize the interface of your choice:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
and trigger driver probing:
echo INTERFACE > /sys/bus/usb/drivers_probe
So, an INTERFACE is just a single USB port or a single USB device?
â Mikhail Morfikov
Aug 21 at 16:58
@MikhailMorfikov - no... the article linked in my post gives a basic explanation of what happens when a USB device is plugged in. This answer from SO explains what an interface is... For more details, this is a good place to start: USB in a NutShell
â don_crissti
Aug 21 at 17:15
I'm in the middle of the vid from that article. :)
â Mikhail Morfikov
Aug 21 at 17:25
Ok, now I know everything, thanks. :)
â Mikhail Morfikov
Aug 21 at 19:37
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
The difference is that the new interface authorization allows to enable or disable individual interfaces per bitmask instead allow or deny a whole device. It's mentioned in the document you linked to:
Interface authorization
..........................
There is a similar approach to allow or deny specific USB interfaces.
That allows to block only a subset of an USB device.
..........................
Deny interfaces per default:
echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default
Authorize an interface:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
This is useful when e.g. you need to debug devices & drivers (no matching driver found or wrong driver/configuration used and so on...), per feature/functionality lockdown of USB devices etc
In a nutshell:
use
authorized_default
to deny or limit the number of allowed devices
e.g. deauthorize new devices connected tohostX
by defaultecho 0 > /sys/bus/usb/devices/usbX/authorized_default
then connect and authorize the device of your choice:
echo 1 > /sys/bus/usb/devices/DEVICE/authorized
use
interface_authorized_default
if you need to debug or allow/use only a subset of functionality e.g. deny interfaces onhostX
by default:echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default:
authorize the interface of your choice:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
and trigger driver probing:
echo INTERFACE > /sys/bus/usb/drivers_probe
So, an INTERFACE is just a single USB port or a single USB device?
â Mikhail Morfikov
Aug 21 at 16:58
@MikhailMorfikov - no... the article linked in my post gives a basic explanation of what happens when a USB device is plugged in. This answer from SO explains what an interface is... For more details, this is a good place to start: USB in a NutShell
â don_crissti
Aug 21 at 17:15
I'm in the middle of the vid from that article. :)
â Mikhail Morfikov
Aug 21 at 17:25
Ok, now I know everything, thanks. :)
â Mikhail Morfikov
Aug 21 at 19:37
add a comment |Â
up vote
1
down vote
accepted
The difference is that the new interface authorization allows to enable or disable individual interfaces per bitmask instead allow or deny a whole device. It's mentioned in the document you linked to:
Interface authorization
..........................
There is a similar approach to allow or deny specific USB interfaces.
That allows to block only a subset of an USB device.
..........................
Deny interfaces per default:
echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default
Authorize an interface:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
This is useful when e.g. you need to debug devices & drivers (no matching driver found or wrong driver/configuration used and so on...), per feature/functionality lockdown of USB devices etc
In a nutshell:
use
authorized_default
to deny or limit the number of allowed devices
e.g. deauthorize new devices connected tohostX
by defaultecho 0 > /sys/bus/usb/devices/usbX/authorized_default
then connect and authorize the device of your choice:
echo 1 > /sys/bus/usb/devices/DEVICE/authorized
use
interface_authorized_default
if you need to debug or allow/use only a subset of functionality e.g. deny interfaces onhostX
by default:echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default:
authorize the interface of your choice:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
and trigger driver probing:
echo INTERFACE > /sys/bus/usb/drivers_probe
So, an INTERFACE is just a single USB port or a single USB device?
â Mikhail Morfikov
Aug 21 at 16:58
@MikhailMorfikov - no... the article linked in my post gives a basic explanation of what happens when a USB device is plugged in. This answer from SO explains what an interface is... For more details, this is a good place to start: USB in a NutShell
â don_crissti
Aug 21 at 17:15
I'm in the middle of the vid from that article. :)
â Mikhail Morfikov
Aug 21 at 17:25
Ok, now I know everything, thanks. :)
â Mikhail Morfikov
Aug 21 at 19:37
add a comment |Â
up vote
1
down vote
accepted
up vote
1
down vote
accepted
The difference is that the new interface authorization allows to enable or disable individual interfaces per bitmask instead allow or deny a whole device. It's mentioned in the document you linked to:
Interface authorization
..........................
There is a similar approach to allow or deny specific USB interfaces.
That allows to block only a subset of an USB device.
..........................
Deny interfaces per default:
echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default
Authorize an interface:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
This is useful when e.g. you need to debug devices & drivers (no matching driver found or wrong driver/configuration used and so on...), per feature/functionality lockdown of USB devices etc
In a nutshell:
use
authorized_default
to deny or limit the number of allowed devices
e.g. deauthorize new devices connected tohostX
by defaultecho 0 > /sys/bus/usb/devices/usbX/authorized_default
then connect and authorize the device of your choice:
echo 1 > /sys/bus/usb/devices/DEVICE/authorized
use
interface_authorized_default
if you need to debug or allow/use only a subset of functionality e.g. deny interfaces onhostX
by default:echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default:
authorize the interface of your choice:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
and trigger driver probing:
echo INTERFACE > /sys/bus/usb/drivers_probe
The difference is that the new interface authorization allows to enable or disable individual interfaces per bitmask instead allow or deny a whole device. It's mentioned in the document you linked to:
Interface authorization
..........................
There is a similar approach to allow or deny specific USB interfaces.
That allows to block only a subset of an USB device.
..........................
Deny interfaces per default:
echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default
Authorize an interface:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
This is useful when e.g. you need to debug devices & drivers (no matching driver found or wrong driver/configuration used and so on...), per feature/functionality lockdown of USB devices etc
In a nutshell:
use
authorized_default
to deny or limit the number of allowed devices
e.g. deauthorize new devices connected tohostX
by defaultecho 0 > /sys/bus/usb/devices/usbX/authorized_default
then connect and authorize the device of your choice:
echo 1 > /sys/bus/usb/devices/DEVICE/authorized
use
interface_authorized_default
if you need to debug or allow/use only a subset of functionality e.g. deny interfaces onhostX
by default:echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default:
authorize the interface of your choice:
echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
and trigger driver probing:
echo INTERFACE > /sys/bus/usb/drivers_probe
answered Aug 21 at 16:37
don_crissti
47.3k15125155
47.3k15125155
So, an INTERFACE is just a single USB port or a single USB device?
â Mikhail Morfikov
Aug 21 at 16:58
@MikhailMorfikov - no... the article linked in my post gives a basic explanation of what happens when a USB device is plugged in. This answer from SO explains what an interface is... For more details, this is a good place to start: USB in a NutShell
â don_crissti
Aug 21 at 17:15
I'm in the middle of the vid from that article. :)
â Mikhail Morfikov
Aug 21 at 17:25
Ok, now I know everything, thanks. :)
â Mikhail Morfikov
Aug 21 at 19:37
add a comment |Â
So, an INTERFACE is just a single USB port or a single USB device?
â Mikhail Morfikov
Aug 21 at 16:58
@MikhailMorfikov - no... the article linked in my post gives a basic explanation of what happens when a USB device is plugged in. This answer from SO explains what an interface is... For more details, this is a good place to start: USB in a NutShell
â don_crissti
Aug 21 at 17:15
I'm in the middle of the vid from that article. :)
â Mikhail Morfikov
Aug 21 at 17:25
Ok, now I know everything, thanks. :)
â Mikhail Morfikov
Aug 21 at 19:37
So, an INTERFACE is just a single USB port or a single USB device?
â Mikhail Morfikov
Aug 21 at 16:58
So, an INTERFACE is just a single USB port or a single USB device?
â Mikhail Morfikov
Aug 21 at 16:58
@MikhailMorfikov - no... the article linked in my post gives a basic explanation of what happens when a USB device is plugged in. This answer from SO explains what an interface is... For more details, this is a good place to start: USB in a NutShell
â don_crissti
Aug 21 at 17:15
@MikhailMorfikov - no... the article linked in my post gives a basic explanation of what happens when a USB device is plugged in. This answer from SO explains what an interface is... For more details, this is a good place to start: USB in a NutShell
â don_crissti
Aug 21 at 17:15
I'm in the middle of the vid from that article. :)
â Mikhail Morfikov
Aug 21 at 17:25
I'm in the middle of the vid from that article. :)
â Mikhail Morfikov
Aug 21 at 17:25
Ok, now I know everything, thanks. :)
â Mikhail Morfikov
Aug 21 at 19:37
Ok, now I know everything, thanks. :)
â Mikhail Morfikov
Aug 21 at 19:37
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f463881%2fusb-device-authorization-difference-between-interface-authorized-default-and-au%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password